← volver
CVE-2024-25116

Specially crafted CF.RESERVE command can lead to denial-of-service

CVSS 5.5 MEDIUMEPSS 0.2%CWE-20
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Productos afectados
RedisBloom · RedisBloom

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/RedisBloom/RedisBloom/commit/61d980a429050637f1af9fe919a880800a824f2ahttps://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-wrwq-cfrx-pmg4